CVE-2025-7755
BaseFortify
Publication date: 2025-07-17
Last updated on: 2026-04-29
Assigner: VulDB
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| online_ordering_system_project | online_ordering_system | 1.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
| CWE-284 | The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-7755 is a critical vulnerability in the code-projects Online Ordering System 1.0, specifically in the /admin/edit_product.php file. It arises from improper handling of the 'image' parameter, allowing attackers to upload malicious files such as PHP webshells without restriction. Attackers can bypass file type and content validation controls to upload executable scripts, which are stored in web-accessible directories without execution restrictions. This enables attackers to remotely execute arbitrary system commands, browse the file system, steal sensitive data, and maintain persistent access using tools like the AntSword webshell client. [1, 2, 3]
How can this vulnerability impact me? :
This vulnerability can lead to full system compromise of the affected Online Ordering System. Attackers can execute arbitrary commands, access and steal sensitive data such as database configuration files and user information, escalate privileges, move laterally within internal networks, and maintain persistence by uploading additional backdoors. The system's confidentiality, integrity, and availability are all at risk due to unrestricted file uploads and insecure file storage. [1, 2, 3]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can be performed by monitoring for suspicious file uploads and webshell activity. Specifically, look for uploads of PHP files to the /admin/edit_product.php endpoint or the uploads directory. Use web server logs to identify POST requests with multipart/form-data to /admin/edit_product.php containing PHP code or suspicious filenames like shell.php. Additionally, monitor for POST requests containing payloads with patterns such as 'eval(base64_decode' or POST parameters starting with 'a=ZXZ' (Base64 prefix for 'eval'), which are indicative of AntSword webshell communication. Commands to detect such activity include: 1) Using grep on web server access logs to find suspicious uploads: `grep -i 'POST /admin/edit_product.php' /var/log/apache2/access.log | grep -i 'shell.php'` 2) Searching for suspicious POST data patterns in logs or via network capture tools like tcpdump or Wireshark. 3) Using find to locate recently uploaded PHP files in the uploads directory: `find /path/to/uploads -name '*.php' -mtime -7` 4) Employing EDR or file integrity monitoring tools to alert on new PHP files in web-accessible directories. 5) Using WAF logs or rules to detect and block AntSword-specific payloads. [3, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Blocking uploads of PHP scripts via web server configuration, for example, in Apache: `<FilesMatch "\.(php|php3|php5|phtml)$"> Require all denied </FilesMatch>`. 2) Deploying Web Application Firewall (WAF) rules to detect and block AntSword-specific payloads, such as those containing 'eval(base64_decode' or POST parameters starting with 'a=ZXZ'. 3) Restricting execution permissions in the uploads directory to prevent execution of uploaded scripts. 4) Monitoring and logging suspicious requests involving dangerous functions like 'eval' and 'base64_decode'. 5) As a longer-term solution, replace the affected product or apply patches if available, and implement strict file upload validation and storage policies. [3, 2]